WEBVTT

1
00:01.260 --> 00:02.670
Hello and welcome back.

2
00:02.670 --> 00:06.090
In this lesson, we are going to study the MUL instructions.

3
00:06.090 --> 00:08.130
MUL stands for multiply.

4
00:08.990 --> 00:13.040
The syntax of the instruction is MUL register.

5
00:13.160 --> 00:20.660
Register would be any registers - - - - - - - - and whatever, and then the result

6
00:20.660 --> 00:24.590
will be stored spread across two registers - and -.

7
00:24.740 --> 00:29.270
So to get the result, you will concatenate the two registers together.

8
00:29.900 --> 00:35.450
So sometimes the result will only occupy one register.

9
00:35.450 --> 00:44.330
For example, if both the operands are small numbers, and if the operands are large numbers and the result

10
00:44.330 --> 00:48.590
is too large for -, then it will also occupy -.

11
00:49.070 --> 00:55.220
And to know whether or not it occupies -, you will look at the - itself.

12
00:55.220 --> 00:57.470
Register after the operation.

13
00:57.470 --> 01:02.690
If - is all zero, then it means that the result can fit into -.

14
01:02.690 --> 01:04.520
So that's why - is zero.

15
01:05.270 --> 01:11.600
If the - is nonzero, then it means that the result is too large to fit into -, and so you will

16
01:11.600 --> 01:18.170
need to concatenate the result and - together with the result in - to get the full final result.

17
01:18.740 --> 01:29.420
- means that the - and the - registers are concatenated together to produce the final

18
01:29.420 --> 01:29.960
result.

19
01:30.140 --> 01:33.890
Note that the size of the result is twice the size of the argument.

20
01:34.040 --> 01:41.840
So now let us take a look at the practical example by opening our x64dbg and running some code in there.

21
01:43.830 --> 01:49.020
First, we will try the operands as small numbers, and then we will see what happens.

22
01:49.020 --> 01:53.040
And then later on, we will try with larger operands to see what happens.

23
01:53.370 --> 01:54.780
The differences.

24
01:54.840 --> 01:56.970
So let's move a value into -.

25
01:58.230 --> 02:04.230
So take note that in order for this instruction to work, you must first put one of the operands in

26
02:04.410 --> 02:08.550
- register and then the second operand in a separate register.

27
02:08.580 --> 02:13.830
Then when you call the MUL, it will take the operand in the - register and multiply it with the

28
02:13.830 --> 02:21.120
second register to produce the final result, which should be inside the - and, if necessary,

29
02:21.330 --> 02:22.500
- as well.

30
02:22.500 --> 02:24.480
So let's take a look at how this works.

31
02:24.480 --> 02:29.040
So for the first example, we are going to take two small numbers.

32
02:29.190 --> 02:31.650
Maybe we multiply two times three.

33
02:31.650 --> 02:33.750
So we'll move.

34
02:35.100 --> 02:41.610
We'll move two into - and then we'll move three into -.

35
02:46.460 --> 02:48.440
And then we will multiply the two.

36
02:51.470 --> 02:54.920
So to multiply, we call MUL, followed by -.

37
02:57.130 --> 02:59.800
So it is implicit that the first operand is -.

38
02:59.890 --> 03:05.020
So you do not have to specify MUL -, you just specify MUL -.

39
03:05.410 --> 03:08.050
So now let's run to our breakpoint and step over.

40
03:09.130 --> 03:11.470
So it moves two to -.

41
03:11.620 --> 03:15.010
Step over and it moves three to -.

42
03:15.040 --> 03:20.680
Now it's going to multiply - with the value in -.

43
03:20.680 --> 03:22.930
So we expect to get six.

44
03:22.960 --> 03:26.650
Notice the - and - after the operation.

45
03:26.740 --> 03:27.520
Step over.

46
03:27.520 --> 03:33.700
And now you notice - is all zeros, meaning that the result is small enough to fit into -.

47
03:33.700 --> 03:35.680
So that's why - is all zero.

48
03:35.980 --> 03:40.360
And you notice now - has got the value six, just as we expected.

49
03:40.360 --> 03:45.190
So in this example, we only need to look at - to get the result.

50
03:45.220 --> 03:49.630
Now let's try to use bigger operands and see what happens.

51
03:49.660 --> 03:54.220
This time we will move a very big number into -.

52
03:54.220 --> 04:01.060
So we'll move 1122334455667788 into -.

53
04:03.550 --> 04:10.660
And then we are going to move, uh, also a big number 112233445566.

54
04:11.230 --> 04:16.300
And then now we will multiply the two and see what happens.

55
04:17.940 --> 04:18.330
Okay.

56
04:18.330 --> 04:20.760
So now we are going to move this into -.

57
04:21.480 --> 04:23.760
So - has got this huge number.

58
04:23.760 --> 04:27.120
And then now we're going to move this into -.

59
04:27.120 --> 04:28.920
And - has got this number.

60
04:28.920 --> 04:32.520
And now we are going to multiply this with -.

61
04:32.640 --> 04:34.950
And notice what happens in -.

62
04:37.210 --> 04:39.250
And you see - now is non-zero.

63
04:39.280 --> 04:45.280
That means the result of the multiplication is too large to fit into -.

64
04:45.310 --> 04:48.460
That is why it also uses -.

65
04:48.460 --> 04:52.780
So to get the final result, you have to concatenate this with -.

66
04:52.780 --> 04:54.970
So what the final result reads should be.

67
04:55.240 --> 05:03.610
The final result should read 1258F6060B6060117820.

68
05:03.610 --> 05:05.140
That is the final result.

69
05:05.470 --> 05:11.950
So this is how we can use assembly code to do multiplication in the x64dbg.

70
05:11.950 --> 05:12.700
And.

71
05:12.700 --> 05:19.720
And you will also notice that the side effect of - and - flags are set to one whenever - is being used.

72
05:20.080 --> 05:27.370
If the result is small enough to fit in -, the - and - will remain as zero, it will not

73
05:27.370 --> 05:27.970
be set.

74
05:28.480 --> 05:31.060
So that's all for this, uh, lesson.

75
05:31.060 --> 05:32.320
Thank you for watching.